Configuration of the client

threshold parameter

The threshold value in the client is the numerical value inbetween 0 and 100 where clients will be blocked if their
IP's reputation in iprepd is below this value.

What you will want this value to be set to will be highly contextual to your application and environment, with considerations
of what kind of violations exist, how likely a client is to activate these violations, how often a client will retry, etc.

A decent value to start at is 50, but you will want to make sure this is tested along side the implemented iprepd
violations for your environment.

Example

-- Parameters within options:-- Required parameters:-- api_key - An active API key for authenticating to iprepd-- threshold - The reputation threshold, where IP's with a reputation below this number will-- be blocked. There is no default for this, as it will be application specific,-- but as described above 50 is a good starting place.---- Optional parameters:-- url - The base URL to iprepd (defaults to "http://localhost:8080/")-- cache_ttl - The iprepd response cache ttl in seconds (defaults to 30)-- timeout - The timeout for making requests to iprepd in milliseconds (defaults to 10)-- cache_errors - Enables (1) or disables (0) caching errors. Caching errors is a good-- idea in production, as it can reduce the average additional latency-- caused by this module if anything goes wrong with the underlying-- infrastructure. (defaults to disabled)-- statsd_host - Host of statsd collector. Setting this will enable statsd metrics collection-- statsd_port - Port of statsd collector. (defaults to 8125)-- statsd_max_buffer_count - Max number of metrics in buffer before metrics should be submitted-- to statsd (defaults to 100)--
client =require("resty.iprepd").new({
url ="http://127.0.0.1:8080",
api_key =os.getenv("IPREPD_API_KEY"),
threshold =50,
cache_ttl =30,
timeout =10,
cache_errors =1,
statsd_host ="127.0.0.1",
statsd_port =8125,
statsd_max_buffer_count =100,
})

Running locally

Create a .env file in this repo with the needed environment variables (documentaion below).

Then run:

$ make build
$ make run_dev

Then you will be able to hit this proxy with: curl http://localhost:80

Environment Variables

Note:

Quotations in env vars matter with nginx. Don't use them if you are using --env-file in Docker.